Menu
I'm analyzing some cracks, and one of them changed the Relocation Table address and size to 0. What the cracker was trying to achieve with this?
To provide more information, the objective of the crack is load another DLL, changing the name of a previous windows DLL name in load table for a custom one.
498
asked Oct 29 '25 09:10
Deleting relocating table guarantees that DLL can't be relocated.
So new code (code of crack) don't need to calculate any address in DLL and can use constant address values.
Also often relocation table is not actually necessary, so it can be removed to reduce size of module, or to replace it with some data.
169
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
